QR Codes as a Password/Key Storage Mechanism

I recently did some volunteer work for the Concord Scout House, Inc., setting up a new network and telephony infrastructure for this non-profit enterprise. In setting up the various pieces of equipment, I was sure to create strong passwords and use key- and certificate-based encryption or similar security mechanisms in order to keep things secure.

Of course, I kept copies for my own records in a suitable electronic format (I personally do local plus encrypted cloud backups of critical files via SpiderOak). As this is a volunteer job, it is very possible someone else will need to do something with this infrastructure at a later point – when I may no longer be involved with the organization. This left me with the problem of how to document and pass on those passwords and keys in a convenient and durable fashion to those who may follow.

I could prepare a DVD or flash drive with the passwords and keys, etc. in simple text files to hand over. This could work fine but could also quickly fall prey to changes in applications or operating systems (e.g. Wordpad or vi? Unix or DOS line feeds?), hardware technology (how many Android phones have a DVD reader? will USB2/3 ports be usable in 10 years?) or simple hardware failure (scratched DVD). For convenience’s sake, I will provide a soft copy on DVD (as that may be stored easily in a file folder) but there’s one medium all organizations still know how to deal with and store safely: paper.

I could simply print out the passwords and certificates/keys as plain text on sheets of paper, but then someone trying to use it would have to accurately type in that text at a later point where/when required. As we’re talking 100+ characters in some cases, this simply won’t work. Here’s where QR codes come in. I happened upon this blog post which mentioned the idea of using QR codes to store such text as a paper record, able to be machine read for accuracy at a later point. Brilliant!

So here’s a practical example of generating such a paper copy of a password using only online free resources, so no software installation required (of course, there are many programs or apps you may install, should you wish to be off-grid):

The password example:

This1sMy_SuperS3kr3t-pASSwORD=wh1ch*woulD_b3-a-R0y4l+payn3>2>tyP3!

This is a very strong password which, although it isn’t simply random, is still quite secure due to its length (66 characters) alone. Even the NSA with all its resources would take a very long time to crack it, provided the encryption mechanism doesn’t suffer from a back door or other systemic vulnerability. Given the pseudo-English phrasing it would be possible to type or even memorize this password, but it wouldn’t be easy. And a single character discrepancy means not getting in to wherever it protects.

Generating the QR code:
One of many free online QR code generation sites is qrstuff.com. Taking the above password there, we can plug it into their online code generator:
[Image: Generating the QR code online]

And download the image file of that password in a QR code:
[Image: Generated QR code]

This QR code can then be placed on a printed page.

Reading the QR code to “reawaken” the text:
There are also many online QR reader/decoding sites, including webqr.com.

This site lets you either take a picture of the code via your device’s camera or upload a file with the code image (say from a scanner or photo of the paper page), and returns the code content.

Uploading the above QR code image file results in the following:
[Image: Decoding the QR image]

A perfect copy of the original plain text password!
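An offline counterpart to the steps above, as an added example that is not part of the original post: it prepares the text that goes into each QR code, so a long key can be spread over several printed codes and checked after scanning without submitting the secret to a website. The `label|index/total|sha256|text` layout, the function names and the 200-character chunk size are assumptions made for this example; turning each payload into an image is left to a locally installed QR tool.

```python
import hashlib

CHUNK = 200  # assumed characters per code; sparse codes scan more reliably from paper

def _norm(text):
    # Scanners and editors may turn LF into CRLF; work on one canonical form.
    return text.replace("\r\n", "\n")

def to_payloads(label, secret, chunk=CHUNK):
    """Return the text payloads to encode, one per printed QR code."""
    if "|" in label:
        raise ValueError("label must not contain '|'")
    secret = _norm(secret)
    digest = hashlib.sha256(secret.encode("utf-8")).hexdigest()
    parts = [secret[i:i + chunk] for i in range(0, len(secret), chunk)]
    total = len(parts)
    return [f"{label}|{i}/{total}|{digest}|{p}" for i, p in enumerate(parts, 1)]

def from_scans(scans):
    """Rebuild (label, secret) from decoded QR texts, scanned in any order."""
    seen, meta = {}, None
    for text in scans:
        # maxsplit=3 keeps any '|' inside the secret itself intact.
        label, pos, digest, part = _norm(text).split("|", 3)
        index, total = (int(x) for x in pos.split("/"))
        if meta is None:
            meta = (label, total, digest)
        elif meta != (label, total, digest):
            raise ValueError("scan belongs to a different secret")
        seen[index] = part
    if meta is None:
        raise ValueError("nothing was scanned")
    label, total, digest = meta
    missing = [i for i in range(1, total + 1) if i not in seen]
    if missing:
        raise ValueError(f"missing codes: {missing}")
    secret = "".join(seen[i] for i in range(1, total + 1))
    # One wrong character anywhere changes the digest, so a bad scan is caught here.
    if hashlib.sha256(secret.encode("utf-8")).hexdigest() != digest:
        raise ValueError("checksum mismatch: rescan the codes")
    return label, secret

if __name__ == "__main__":
    # The example password from this post; "router-admin" is a made-up label.
    pw = "This1sMy_SuperS3kr3t-pASSwORD=wh1ch*woulD_b3-a-R0y4l+payn3>2>tyP3!"
    codes = to_payloads("router-admin", pw)
    print(len(codes), "code(s) to print")
    print(from_scans(codes) == ("router-admin", pw))
```
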


One Response to QR Codes as a Password/Key Storage Mechanism

  1. Don says:

    This was shared on Facebook as a related approach… http://point-at-infinity.org/ssss/
